]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
signature/dsa_sig.c: Add checks for the EVP_MD_get_size()
authorJiasheng Jiang <jiasheng@purdue.edu>
Fri, 22 Mar 2024 22:12:50 +0000 (22:12 +0000)
committerTomas Mraz <tomas@openssl.org>
Tue, 9 Apr 2024 18:45:26 +0000 (20:45 +0200)
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: 45a845e40b ("Add EVP_DigestSign/EVP_DigestVerify support for DSA")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23948)

providers/implementations/signature/dsa_sig.c

index b89a0f6836b2b4222b967f3e0c83bd0171bb1697..12cbdb4356d575652c5743f360c7612196e3f979 100644 (file)
@@ -93,8 +93,14 @@ typedef struct {
 
 static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx)
 {
-    if (pdsactx->md != NULL)
-        return EVP_MD_get_size(pdsactx->md);
+    int md_size;
+
+    if (pdsactx->md != NULL) {
+        md_size = EVP_MD_get_size(pdsactx->md);
+        if (md_size <= 0)
+            return 0;
+        return (size_t)md_size;
+    }
     return 0;
 }